Chapter 8. Vulnerability Management
Before we discuss the Payment Card Industry (PCI) requirements related to vulnerability management in depth, and find out what technical and nontechnical safeguards are prescribed there and how to address them, we need to resolve one underlying and frequently confusing issue: defining some of the terms that the PCI Data Security Standard (DSS) documentation relies upon.
These are as follows:
■ Vulnerability assessment
■ Penetration testing
■ Testing of controls, limitations, and restrictions
■ Preventing vulnerabilities via secure coding practices
Defining vulnerability assessment is a little tricky, since the term has evolved over the years. The authors prefer to define it as the process of finding and assessing vulnerabilities ...